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In paragraph [0008], on page 5, of the originally filed application, please amend as 
reflected in Ihc following, marked-up version of the paragraph: 

I0008J The principles of the present invention allow for authorization of a requesting 

entity to occur largely, if not wholly, independent ofthe typo of the underlying data structure that 
is desired to he operated upon. This allows for a centralized authorization station that performs 
the entire authorization process for a wide variety of different services. The centralized 
authorization station may then inform die target service that the requested operation is authorized 
and provide the service with sufficient information to perform the desired operation on the target 
data structure. Although only one authorization station is described and illustrated for clarity, 
| there may feomore than one (and even numerous) authorization stations that perform the 
described authorization on behalf ofthe services. 

hi paragraph [0009], beginning on page 5, of the originally filed application, please 
amend as reflected in the following, marked-up version ofthe paragraph: 

In one embodiment, the authorization state^taJion_mainlains a number of role templates 
that each define basic access permissions with respect to a number of command methods. Those 
role templates may be included within a role map document in which all ofthe role templates 
corresponding to a particular service arc compiled. The role templates represent coarse-grained 
access permissions concsponding to permissions that might be of particular use when accessing 
the particular service. Thus, applications that arc not able to implement more fine-grained access 
control may at least implement these core role templates for coarser-grained control over access 
permissions. When the authorization station receives a request, it identifies the target service and 
thereby accesses the appropriate role map that contains the corresponding role templates. 
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In paragraph [0011], beginning on page 6, of the originally filed application, please 
amend as reflected in Die following, marked-up version of the paragraph: 

The request specifies the identity whose data is desired to be operated upon, as well as 
the type of document that is desired to be accessed (e.g., content, role list, system). Based on 
this, (he nulhorizaiion station may identify the appropriate role list. The authorization station 
sells the appropriate role definition within the role list using the user identifier, the application 
idcnlifier, and the platform identifier specified in the request. Also, the type of credentials used 
to authenticate arc also used to identify the appropriate role definition. Thus, one fMrthdnticating 
user .using a more secure authentication mechanism may be granted more extensive access than 
[he same user with the same application but using a less secure authentication mechanism. 

Tn paragraph [0036], on page 15, of the originally filed application, please amend as 
reflected in the following, marked-up version of the paragraph: 

Suppose that die target service is the service 121 referred to in-jHgme- 2 Figure I . The 
information is passed to too service dispatch module 221 of the service 121. The service logic 
222 then receives and processes the information. The service logic 222 is capable of performing 
standard methods 223. An example a standard method set includes insert, query, update, delete, 
and replace as illustrated. The service logic 222 may also include some service-specific methods 
224. 
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